Josh's Windows Weblog » Why you shouldn’t turn off UAP in Windows Vista 5270

Why you shouldn’t turn off UAP in Windows Vista 5270

Lately in the newsgroups for the Windows Vista beta and a number of different online forums people are disabling one of the key pillars of Windows Vista’s increased security, UAC (User Account Control) formerly UAP (User Account Protection). 

 

This is really rubbing me the wrong way as it is ultimately going to hurt this technology succeed. Plus, it will undermine the effectiveness of much of the testing these individuals are doing on Windows Vista.  Not only is how to do this making its way around the beta audience, but now even the main stream tech sites like bink.nu are advertising how to do this.

 

Without this technology you are losing a large part of the security value adds for Windows Vista.  You instantly lose the ability to do Protected Mode Internet Explorer which one could argue is the major attack vector for today’s malware.  You lose Protected Admin which, it seems many admin’s are not too fond of but it helps protect us from ourselves.  You can say you don’t need this, you’re too good to make a mistake like some common user, but you are fooling yourself. 

 

The sad truth is that Malware is getting far more sophisticated and soon even the well intentioned and educated admin will end up with malware on his system and probably from an unlikely place.  Take Mark Russinovich’s recent experience with a rootkit on a Sony CD, I can’t think of anyone I know, that knows more about Windows and he still got a rootkit on his machine, that just scares me.

 

We should be ambassadors for this new technology, we should embrace it and
help it succeed, because without it Windows Vista will be just as susceptible as
Windows XP to Malware.  Oh and if you are one of those people that have turned UAC / UAP off, GO TURN IT BACK ON…


Sure you have to deal with a few prompts, its annoying sometimes, but not
overly so.  Most things you can do from a command prompt or by elevating
them, and if you can't...bug it, that is what we signed up for, right? 

 

Tomorrow I will cover some ways to be successful at running with UAP enabled.

Posted Dec 22 2005, 07:39 PM by Josh Phillips
Filed under: , ,

Follow Me on Twitter

Did you enjoy this article? If yes, then subscribe to our RSS 2.0 feed or

Comments

Gregg wrote re: Why you shouldn’t turn off UAP in Windows Vista 5270
on 12-22-2005 11:25 PM
I agree; when I talk to people about Vista, I tell them that the best feature is UAP coupled with Protected Mode IE. When I first started testing Vista I immediately turned off UAP because it was annoying. But now that I have been working with it for a while, it is easy to remember to get a CMD window up if I'm going to do something that requires Administrative priveleges. Honestly, if you don't enable UAP, what are you getting out of Vista other than frequent Explorer crashes?
josh's weblog wrote How to succeed at running Windows Vista with UAP enabled on 5270
on 12-23-2005 6:38 PM
Ok, so yesterday I vented a little bit of my frustration with people disabling UAP, but I think some...
Eddy wrote re: Why you shouldn’t turn off UAP in Windows Vista 5270
on 01-16-2006 5:37 PM
The problem is if people see the UAP Permit/Deny requester frequently when they are trying to do straightforward things, they will just get into the habit of clicking Permit without really thinking about it.

This will let malocious software in just as easily as if UAP is turned off.
Josh Phillips wrote re: Why you shouldn’t turn off UAP in Windows Vista 5270
on 01-24-2006 7:54 AM
There is that potential whcih is why in my recent chat with this team I asked what they are doing about the dialog overload. Take a look.
Windows is a registered trademark of Microsoft Corporation.
Powered by Community Server (Non-Commercial Edition), by Telligent Systems Themed By nb development